[K12OSN] synaptic and K12LSTP repositories

Les Mikesell les at futuresource.com
Sun Aug 21 20:24:38 UTC 2005


On Sun, 2005-08-21 at 13:22, Mike Heins wrote:
> 
> > Webmin takes a more distribution-agnostic approach by trying to parse
> > existing config files in their native form - but of course it now
> > has to accommodate the munged versions on RH/fedora systems too,
> > which tends to be a moving target as the system-config-xxx tools
> > are added and tweaked.  Personally, I'd rather have seen all the
> > effort go into making webmin better or helping people understand
> > the native config files instead of avoiding them...
> 
> I think it more has to do with there being quite a few people who think
> having an SUID-root CGI program is insane. They would have a big problem
> with putting that out there by default, and I don't think I can blame
> them too much.

Webmin runs a standalone server with https, so it isn't exactly
a cgi program.  You are right that there have been security issues
found and fixed in the past, like just about every other program
that needs to execute some functions as root.  I think you'll
find that most of the attempts to do anything similar by people
who thought they could do better ended up introducing just as
many new security issues.  Even the old standby sudo has had
its share of bugs.

> In practice, webmin seems to be pretty secure and there are a lot
> of people using it successfully. I will admit to placing it a couple
> of places where the system administrators don't have strong Linux
> knowledge. But I don't think it is the right way to run a railroad
> if you have an alternative.

Unfortunately, 'the alternative' is years of experience...
Editing a text config file isn't all that difficult but most
programs have a zero-tolerance policy about syntax errors.
Omit a comma somewhere or spell a keyword wrong and the
application dies, often without a good diagnostic and sometimes
without any obvious indication except that all the users are
calling you about the service that no longer works.  Webmin
at least avoids most of the simple typo problems that a beginner
would otherwise face.  And it does it in a way that does not
interfere with normal edit-the-file administration.

If you need something even more extreme for fill-in-the-form
style administration there is the SME server that uses a
database and templated perl scripts to control everything
but it goes so far that it is difficult for someone with
normal Unix/Linux experience to customize or even understand.

-- 
  Les Mikesell
   les at futuresource.com

   



